CODEWITHSUNDEEP
ruby-on-railsrubyruby-on-rails-3.1devisecancan
cola
cola

Reputation: 12486

How can I set up cancan?

I have installed devise.

I did,

rails g cancan:ability

This is the Ability class I got in app/models

class Ability
  include CanCan::Ability

  def initialize(user)
    # Define abilities for the passed in user here. For example:
    #
    #   user ||= User.new # guest user (not logged in)
    #   if user.admin?
    #     can :manage, :all
    #   else
    #     can :read, :all
    #   end
    #
    # The first argument to `can` is the action you are giving the user permission to do.
    # If you pass :manage it will apply to every action. Other common actions here are
    # :read, :create, :update and :destroy.
    #
    # The second argument is the resource the user can perform the action on. If you pass
    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
    #
    # The third argument is an optional hash of conditions to further filter the objects.
    # For example, here the user can only update published articles.
    #
    #   can :update, Article, :published => true
    #
    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
end

posts table

                                   Table "public.posts"
   Column    |          Type          |                     Modifiers                      
-------------+------------------------+----------------------------------------------------
 id          | integer                | not null default nextval('posts_id_seq'::regclass)
 title       | character varying(100) | not null
 content     | character varying(500) | not null
 created_at  | date                   | 
 updated_at  | date                   | 
 tags        | character varying(55)  | not null default '50'::character varying
 category_id | integer                | not null default 1
 user_id     | integer                | 
Indexes:
    "posts_pkey" PRIMARY KEY, btree (id)

users table

                                           Table "public.users"
         Column         |            Type             |                     Modifiers                      
------------------------+-----------------------------+----------------------------------------------------
 id                     | integer                     | not null default nextval('users_id_seq'::regclass)
 email                  | character varying(255)      | not null default ''::character varying
 encrypted_password     | character varying(128)      | not null default ''::character varying
 reset_password_token   | character varying(255)      | 
 reset_password_sent_at | timestamp without time zone | 
 remember_created_at    | timestamp without time zone | 
 sign_in_count          | integer                     | default 0
 current_sign_in_at     | timestamp without time zone | 
 last_sign_in_at        | timestamp without time zone | 
 current_sign_in_ip     | character varying(255)      | 
 last_sign_in_ip        | character varying(255)      | 
 confirmation_token     | character varying(255)      | 
 confirmed_at           | timestamp without time zone | 
 confirmation_sent_at   | timestamp without time zone | 
 username               | character varying(255)      | not null
 is_admin               | boolean                     | default false
 created_at             | timestamp without time zone | 
 updated_at             | timestamp without time zone | 
Indexes:
    "users_pkey" PRIMARY KEY, btree (id)
    "index_users_on_confirmation_token" UNIQUE, btree (confirmation_token)
    "index_users_on_email" UNIQUE, btree (email)
    "index_users_on_reset_password_token" UNIQUE, btree (reset_password_token)
    "index_users_on_username" UNIQUE, btree (username)

Now how can I set up cancan to allow/deny some actions of PostController, CommentsController? If the user.is_admin = true then user can edit, delete posts, comments. Otherwise a normal user can only add post after registering. Any guest user can comment for any post.

In PostsController I have

before_filter :authenticate_user! , :except => [:index, :show, :bla1, :bla2, :bla3, :bla4, :bla5, :bla6, :bla7, :bla8, :bla9]

In every controller I had to write such line, that's tedious. Is there any shortcut way to reduce such line in every controller?

Upvotes: 1

Views: 728

Answers (1)

Suborx
Suborx

Reputation: 3669

you should set your ability.rb this way.

class Ability
   include CanCan::Ability

   def initialize(user)

     # rules for admin
     if user.is_admin?
       #if admin can do anything
       can :manage, :all
       #if admin can only edit and destroy posts and comments
       can :edit, Post
       can :destroy, Post
       can :edit, Comment
       can :destroy, Comment  
     end 

     #rules for registred user
     can :create, Post
   end
end

and in yours controllers

class PostsController < ApplicationController
   authorize_resource :except => show
end

class CommentsController < ApplicationController
   authorize_resource :only => [:edit,:update,:destroy]
end

Hope it will be helpfull. :)

Upvotes: 2

Related Questions